The logout success handler is invoked to generate a HTTP response object. Then each logout handler is invoked with the incoming, logout HTTP request, the response, and the authentication token (the logged in user).

When to Use Logout and Logout Success Handlers

Use logout handlers when an application needs to perform some sort of cleanup when a user signs out. I recently implemented a logout handler that invalidated all active access tokens on an internal facing OAuth authentication server. When a user logs out, they would be logged out of all applications calling into the OAuth server: a behavior we wanted to enforce.

A success handler should be implemented when some custom behavior needs to happen to generate a logout response. The same app that invalidated access tokens also needed some custom response behavior for logout: we needed to ensure the user was redirected to a URL stored in the database. The custom handler looked up the URL and generated redirect response.